通过JavaScript进行的CORS请求:所请求的资源上不存在“ Access-Control-Allow-Origin”标头

时间:2018-10-11 19:52:26

标签: javascript http tomcat cors

我在控制台中收到以下CORS错误。我配置了tomcat Server web.xml并尝试使用请求标头。.仍然没有运气,我遇到了同样的错误。

无法加载https://api.beeline.com/company/foundational/GetToken:对预检请求的响应未通过访问控制检查:所请求的资源上没有'Access-Control-Allow-Origin'标头。因此,不允许访问来源“ http://server:8080”。如果不透明的响应满足您的需求,请将请求的模式设置为“ no-cors”以在禁用CORS的情况下获取资源。

    <script> 

Const uri = 'https://api.beeline.com/company/foundational/GetToken';

        let h = new Headers();

        h.append('Access-Control-Allow-Origin', '*');

        h.append('ClientID', '***********');
        h.append('ClientSecret', '***************');
        h.append('UserAPIKey', '*************');
        h.append('Username', 'user');
        h.append('Accept', '*/*')

        let req = new Request(uri, {
            method: 'GET',
            headers: h
        });


        fetch(req)
            .then ( (response) => {
                if(response.ok){
                    return response.json();
                }else{
                    throw new Error();
                }
            })
            .then ( (jsonData) => {
                console.log(jsonData);
            })
            .catch( (err) =>{
                console.log('ERROR:', err.message);
            });
    </script>

我将Tomcat web.xml配置为包括过滤器,但仍然没有运气。 

<filter>
    <filter-name>CorsFilter</filter-name>
    <filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
    <init-param>
        <param-name>cors.allowed.origins</param-name>
        <param-value>*</param-value>
    </init-param>
    <init-param>
        <param-name>cors.allowed.methods</param-name>
        <param-value>GET,POST,PUT,DELETE,HEAD,OPTIONS</param-value>
    </init-param>
    <init-param>
        <param-name>cors.allowed.headers</param-name>
        <param-value>Content-Type,X-Requested-With,Accept,Authorization,Origin,Access-Control-Request-Method,Access-Control-Request-Headers</param-value>
    </init-param>
    <init-param>
        <param-name>cors.exposed.headers</param-name>
        <param-value>Access-Control-Allow-Origin,Access-Control-Allow-Credentials</param-value>
    </init-param>
</filter>
<filter-mapping>
    <filter-name>CorsFilter</filter-name>
    <url-pattern> /bia/* </url-pattern>
</filter-mapping>

常规

Request URL: https://api.beeline.com/company/foundational/GetToken
Request Method: OPTIONS
Status Code: 200 OK
Remote Address: 45.45.56.***:**
Referrer Policy: no-referrer-when-downgrade

响应标题:

        Access-Control-Allow-Headers: access-control-allow-origin,clientid,clientsecret,userapikey,username
Access-Control-Allow-Methods: GET
Connection: Keep-Alive
Content-Length: 0
Date: Thu, 11 Oct 2018 19:47:18 GMT

请求标头:

Provisional headers are shown
Access-Control-Request-Headers: access-control-allow-origin,clientid,clientsecret,userapikey,username
Access-Control-Request-Method: GET
DNT: 1
Origin: http://server:9001
Referer: http://server:9001/bia/apiTest.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Safari/537.36

0 个答案:

没有答案
相关问题
最新问题